CVE-2025-46819

Medienbericht

EPSS 5.53%
Veröffentlicht 03.10.2025 19:15:43
Zuletzt bearbeitet 12.11.2025 11:34:31
Quelle security-advisories@github.com
CVE-Watchlists
Login
Unerledigt
Login

Redis is an open source, in-memory database that persists on disk. Versions 8.2.1 and below allow an authenticated user to use a specially crafted LUA script to read out-of-bound data or crash the server and subsequent denial of service. The problem exists in all versions of Redis with Lua scripting. This issue is fixed in version 8.2.2. To workaround this issue without patching the redis-server executable is to prevent users from executing Lua scripts. This can be done using ACL to block a script by restricting both the EVAL and FUNCTION command families.

Betroffene Produkte Warnungen 0 Metriken 3 CWE 2 Referenzen 9

Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD

Diese Information steht angemeldeten Benutzern zur Verfügung.

Daten sind bereitgestellt durch National Vulnerability Database (NVD)

Redis ≫ Redis Version < 6.2.20

Zu dieser CVE wurde keine CISA KEV oder CERT.AT-Warnung gefunden.

EPSS Metriken
Typ	Quelle	Score	Percentile
EPSS	FIRST.org	5.53%	0.9

CVSS Metriken
Quelle	Base Score	Exploit Score	Impact Score	Vector String
nvd@nist.gov	7.1	1.8	5.2	CVSS:3.1/AV:L/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:H
security-advisories@github.com	6.3	1	5.2	CVSS:3.1/AV:L/AC:H/PR:L/UI:N/S:U/C:H/I:N/A:H

CWE-125 Out-of-bounds Read

The product reads data past the end, or before the beginning, of the intended buffer.

CWE-190 Integer Overflow or Wraparound

The product performs a calculation that can produce an integer overflow or wraparound when the logic assumes that the resulting value will always be larger than the original value. This occurs when an integer value is incremented to a value that is too large to store in the associated representation. When this occurs, the value may become a very small or negative number.

https://www.heise.de/news/Redis-Kritische-Codeschmuggel-Luecke-in-Datenbank-10733632.html

Medienbericht

heise Security

https://github.com/redis/redis/releases/tag/8.2.2

Release Notes

https://github.com/redis/redis/commit/3a1624da2449ac3dbfc4bdaed43adf77a0b7bfba

Patch

https://github.com/redis/redis/security/advisories/GHSA-4c68-q8q8-3g4f

Third Party Advisory

https://www.vicarius.io/vsociety/posts/cve-2025-46819-detect-redis-vulnerability

Third Party Advisory

https://www.vicarius.io/vsociety/posts/cve-2025-46819-mitigate-redis-vulnerability